Archive for March 13th, 2006
The root of all security
Anyone who reads the Tech news regularly have probably heard about the latest announcement that a flaw in the Ubuntu 5.10 installation process leaves the default user password saved as plain text on the harddrive. As Ubuntu doesn’t (by default) allow for a root password to be created and instead gives the first user root abilities by way of ‘sudo‘, this means the de-facto root password is left in plain view as plain text (pun not intended, at least not originally…), allowing other users access to the First User password.
However…
No, scratch that, I’ll however in the next paragraph.
What’s most surprising here isn’t that Ubuntu has a security flaw, software isn’t perfect, and since every new version of Ubuntu have rewrote the installer, installation flaws might appear. Actually, what’s supervising here is that it took so long to locate it. A lot of the open source “evangelists” claim that those kind of bugs tend to surface more easily due to the large amount of users/developers, the access to the code, the better method of communication, the community etc. etc. This didn’t happen here. Until now.
What did happen is that this was patched in hours. What did happen is that this doesn’t allow outside users to have root access, only local users (and users connected remotely through SSH). It also emphasised the fact that security practices are still the best way to ensure that your system is safe from outside attacks. Meaning, users who installed the OS through the “expert” mode, and have created a root password were not in any danger, or users that following the installation have enabled root, or a root-like user (meaning creating a second user that has the sudo-root privileges , and making the First User a limited, non-sudo user) wouldn’t have been compromised by this flaw.
Also interesting is the question regarding the whole sudo model. Ubuntu’s decision to use sudo instead of root has brought many complaints from veteran Gnu/Linux users. Many people feel that this practice compromise the system’s inherent security model and is a very good example how Ubuntu, in its attempt to be more “accessible” broke the security model.
I don’t subscribe to this concept. The danger of working with a root terminal are very known, as the user might not close the terminal, or logout from root, after completing the operation. With the sudo model, leaving open a superuser terminal minimizes this by forcing you to enter a password for each root operation. Adding a second layer of distancing the default user from the root operations, by creating an “admin” user with sudo privileges is even better than the normal user/root model, as logging into “admin” would still demand the sudo password to be entered, and forgetting to close the “admin” terminal won’t compromise the system.
In a similar note, I wrote in the past regarding the faulty concept that a products security is measured by the number of officially disclosed flaws. I’m happy to see that there seem to be some changes in this way of thinking.
